<?php
/******************************************************
v4 - Management Framework
Copyright (C) 2008  Gary Taylor, gMerc Incorporation
http://www.gmerc.com/v4/

This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program.  If not, see <http://www.gnu.org/licenses/>.

gary@gmerc.com
******************************************************/
class authentication {
  function picturestxt_check_permission($cinp='',$lvl='',$cdirpath='',$cpage='') {
    global $masterclass;
    $ret='';
    $strsql='';

    switch ($lvl) {
     case 'page':
/* Page Permissions */
      return $masterclass->unify_permissionvalue($masterclass->site['defaultpagepermission']);
     break;
     case 'field':
      return $masterclass->unify_permissionvalue($masterclass->site['defaultfieldpermission']);
     break;
    }
  return $masterclass->unify_permissionvalue($masterclass->site['defaultpagepermission']);
  }
  function picturestxt_checktoken() {
    global $masterclass;

    if (!isset($_SESSION['authtoken']) || $_SESSION['authtoken']=='') { return false; }

  return false;
  }
  function picturestxt_checktokentimeout() {
    global $masterclass;

    if (!isset($_SESSION['authtoken']) || $_SESSION['authtoken']=='') { return false; }
  return;
  }
  function picturestxt_loginauth($login_username,$login_password) {
    global $masterclass;
    if ($login_username=='' && $login_password=='') { return $masterclass->unify_permissionvalue(0); }
    
    if (isset($masterclass->site['authentication_picturestxt_file']) && is_file($masterclass->site['authentication_picturestxt_file'])) {
      $authfile=fopen($masterclass->site['authentication_picturestxt_file'], "r");
      while (!feof($authfile)) {
        $authline = fgets($authfile, 4096);
        $arrauthline=explode(':',$authline);
        if (trim($arrauthline[0])==$login_username && trim($arrauthline[1])==$login_password) {
          $_SESSION['authtoken']=$login_username;
          return $masterclass->unify_permissionvalue(1);
        }
      }
      fclose($authfile);
    }

  return $masterclass->unify_permissionvalue(0);
  }
  function picturestxt_removetoken() {
    global $masterclass;
    
    unset($_SESSION['authtoken']);
    
  return;
  }
  
  function mysql_check_permission($cinp='',$lvl='',$cdirpath='',$cpage='') {
    global $masterclass;
    $ret='';
    $strsql='';

    switch ($lvl) {
     case 'pemissionkey':
/* field Permissions */
      $strsql=sprintf("SELECT `auth` FROM `permissions` WHERE `auth`='%s' ",$masterclass->allclasses['mysql_functions']->formatmysqlstr($masterclass->swap_permissionvalue($masterclass->unify_permissionvalue($masterclass->site['defaultfieldpermission']))));
      $strsql.=sprintf(" AND (`dirpath`='%s' AND `page`='%s') AND (`pemissionkey`='%s' OR `pemissionkey`='any') ",$masterclass->allclasses['mysql_functions']->formatmysqlstr($cdirpath),$masterclass->allclasses['mysql_functions']->formatmysqlstr($cpage),$masterclass->allclasses['mysql_functions']->formatmysqlstr($cinp));
      $strtrackingwhere=$masterclass->mysql_trackrecord_where();
      if ($strtrackingwhere!='') { $strsql.=" AND (".$strtrackingwhere.") "; }

      $permissions=$masterclass->allclasses['mysql_functions']->fetch_assoc($strsql);
      if (!empty($permissions)) { return $masterclass->swap_permissionvalue($masterclass->unify_permissionvalue($masterclass->site['defaultfieldpermission'])); } else { return $masterclass->unify_permissionvalue($masterclass->site['defaultfieldpermission']); }
     break;
     case 'page':
/* Page Permissions */
      $strsql=sprintf("SELECT `auth` FROM `permissions` WHERE `auth`='%s' ",$masterclass->allclasses['mysql_functions']->formatmysqlstr($masterclass->swap_permissionvalue($masterclass->unify_permissionvalue($masterclass->site['defaultpagepermission']))));
      $strsql .= sprintf(" AND (`dirpath`='%s' AND `page`='%s') ",$masterclass->allclasses['mysql_functions']->formatmysqlstr($cdirpath),$masterclass->allclasses['mysql_functions']->formatmysqlstr($cpage));
      $strtrackingwhere=$masterclass->mysql_trackrecord_where();
      if ($strtrackingwhere!='') { $strsql.=" AND (".$strtrackingwhere.") "; }

      $permissions=$masterclass->allclasses['mysql_functions']->fetch_assoc($strsql);
      if (!empty($permissions)) { return $masterclass->swap_permissionvalue($masterclass->unify_permissionvalue($masterclass->site['defaultpagepermission'])); } else { return $masterclass->unify_permissionvalue($masterclass->site['defaultpagepermission']); }
     break;
    }

  return '';
  }
  function mysql_loginauth($login_username,$login_password) {
    global $masterclass;

    $strsql=sprintf("SELECT `id`,`trackingvar`,`trackingid` FROM `logins` WHERE `active`='1' AND `username`='%s' AND `password`='%s' LIMIT 0,1",$masterclass->allclasses['mysql_functions']->formatmysqlstr($login_username),$masterclass->allclasses['mysql_functions']->formatmysqlstr($login_password));
    $authentication=$masterclass->allclasses['mysql_functions']->fetch_assoc($strsql);
    if (!empty($authentication)) {
      $_SESSION['authtoken']=time().uniqid(rand(65,90).time());
      $dbinfo=array('table'=>'personnelauth','static'=>array('ipaddress'=>$_SERVER['REMOTE_ADDR'],'trackingvar'=>$authentication[0]['trackingvar'],'trackingid'=>$authentication[0]['trackingid'],'authtoken'=>$_SESSION['authtoken']));
      $masterclass->site['authid']=$masterclass->db_insert($dbinfo);
      return true;
    }
  return false;
  }
  function mysql_checktoken() {
    global $masterclass;

    if (!isset($_SESSION['authtoken']) || $_SESSION['authtoken']=='') { return false; }

    $strsql=sprintf("SELECT `id` FROM `personnelauth` WHERE `authtoken`='%s'",$masterclass->allclasses['mysql_functions']->formatmysqlstr($_SESSION['authtoken']));
    $authentication=$masterclass->allclasses['mysql_functions']->fetch_assoc($strsql);
    if (isset($authentication[0]['id'])) {
      return true;
    }
  return false;
  }
  function mysql_checktokentimeout() {
    global $masterclass;

    if (!isset($_SESSION['authtoken']) || $_SESSION['authtoken']=='') { return false; }

    $strsql=sprintf("SELECT `id`,`trackingvar`,`trackingid` FROM `personnelauth` WHERE `authtoken`='%s' AND (`loggedout`='0000-00-00 00:00:00' AND `updated`>'".date("Y-m-d H:i:s",mktime(date("H"),date("i")-30,date("s"),date("m"),date("d"),date("Y")))."') ORDER BY `updated` DESC LIMIT 0,1",$masterclass->allclasses['mysql_functions']->formatmysqlstr($_SESSION['authtoken']));
    $authentication=$masterclass->allclasses['mysql_functions']->fetch_assoc($strsql);
    if (isset($authentication[0]['id'])) {
      $masterclass->site[$authentication[0]['trackingvar']]=$authentication[0]['trackingid'];
      $masterclass->site['trackingvar']=$authentication[0]['trackingvar'];
      $masterclass->site['authid']=$authentication[0]['id'];
      $masterclass->sitevars['authid']=$authentication[0]['id'];
      $dbinfo=array('table'=>'personnelauth','trackingid'=>'authid','static'=>array('ipaddress'=>$_SERVER['REMOTE_ADDR']));
      $masterclass->db_update($dbinfo);
    return true;
    }
  return false;
  }
  function mysql_removetoken() {
    global $masterclass;
    
    $dbdata=array('table'=>'personnelauth','trackingid'=>'authid','static'=>array('ipaddress'=>$_SERVER['REMOTE_ADDR'].'-LOGGED OFF'));
    $masterclass->db_update($dbdata);
    $strsql = sprintf("UPDATE `personnelauth` SET `ipaddress`='%s',`loggedout`='".date("Y-m-d H:i:s")."' WHERE `authtoken`='%s'",$masterclass->allclasses['mysql_functions']->formatmysqlstr($_SERVER['REMOTE_ADDR'].'-LOGGED OFF'),$masterclass->allclasses['mysql_functions']->formatmysqlstr($_SESSION['authtoken']));
    $masterclass->allclasses['mysql_functions']->run_query($strsql);
    unset($masterclass->site['personnelid']);
    unset($masterclass->sitevars['authid']);
    unset($_SESSION['authtoken']);
    
  return;
  }
}
?>